Microsoft Defender Zero-Days Exploited Amidst Rising AI and OT System Attacks

Introduction

Recent events show immediate threats and strategic shifts in cybersecurity. These include active exploitation of vulnerabilities in widely used security software, targeted attacks on operational technology, and a re-evaluation of defense strategies due to AI capabilities. Understanding these connected developments is important for maintaining strong security.

This overview collects recent intelligence on three actively exploited Microsoft Defender zero-days, a new malware strain targeting critical infrastructure, AI's accelerating impact on vulnerability exploitation, and a ransomware group's evasion tactics. These incidents together demonstrate the need for continuous vigilance and adaptive security measures.

Each section details the threats, their observed impact, and broader implications for organizations.

Active Exploitation of Microsoft Defender Zero-Days

Threat actors are actively exploiting recently disclosed security flaws in Microsoft Defender to gain elevated privileges on compromised systems. Cybersecurity firm Huntress reported this activity, which involves three vulnerabilities. A researcher known as Chaotic Eclipse (aka Nightmare-Eclipse) released these as zero-days in response to Microsoft's vulnerability disclosure processes.

The vulnerabilities are codenamed BlueHammer, RedSun, and UnDefend. BlueHammer and RedSun are local privilege escalation (LPE) flaws that affect Microsoft Defender. UnDefend is a denial-of-service (DoS) condition that blocks definition updates, hindering endpoints from receiving security updates.

Microsoft addressed BlueHammer in its Patch Tuesday updates, tracking it under CVE-2026-33825. However, RedSun and UnDefend remain unpatched as of this report. Huntress observed active exploitation of all three flaws. BlueHammer was weaponized since April 10, 2026, with proof-of-concept (PoC) exploits for RedSun and UnDefend appearing on April 16, 2026.

These exploitation attempts followed typical enumeration commands, such as whoami /priv, cmdkey /list, and net group. Such commands indicate hands-on-keyboard threat actor activity, a pattern often observed in targeted attacks aimed at achieving a deeper system compromise. Organizations must integrate breach detection systems that can identify these post-exploitation indicators rapidly. Microsoft confirmed the BlueHammer exploit had been addressed via CVE-2026-33825.

Exploiting Industrial Control Systems

Darktrace researchers identified ZionSiphon, a new malware strain designed to target Operational Technology (OT) systems within Israeli water treatment and desalination plants. This malware sample, though incomplete, was built to locate specific Industrial Control System (ICS) settings. This indicates an intent to cause physical damage, such as altering chlorine levels or water pressure, instead of stealing data. This is a concern for supply-chain risk monitoring, especially for critical infrastructure.

ZionSiphon uses several mechanisms for infection and persistence. Upon infection, it checks for administrative rights with a function named RunAsAdmin(). It maintains a low profile by hiding a copy of itself and posing as a legitimate Windows process, svchost.exe. For persistence, it creates a registry key named SystemHealthCheck.

The malware also spreads via removable media like USB sticks. If a USB drive connects to an infected system, ZionSiphon copies itself onto the drive. It then hides the actual files and creates fake shortcuts using a tool called CreateUSBShortcut(), tricking users into executing the malware payload.

During reconnaissance, ZionSiphon actively searches for common ICS protocols, including Modbus, DNP3, and S7comm. It also seeks specific configuration files, such as DesalConfig.ini and ChlorineControl.dat. The malware contains an embedded list of target Israeli plant locations: Sorek, Hadera, Ashdod, Shafdan, and Palmachim.

The code for ZionSiphon included hidden messages supporting Iran, Yemen, and Palestine, with one note referring to "Poisoning the population of Tel Aviv and Haifa." The threat actors identified themselves as 0xICS and mentioned Dimona, a city known for its nuclear research center. Despite these intentions, the malware contained coding errors, such as a faulty SelfDestruct() feature that could prematurely delete itself if it misidentified the system's location. It also creates a delete.bat file to remove its traces. These politically motivated attacks show the importance of dark web monitoring and underground forum information to uncover threat actor intentions and capabilities.

Anthropic's Mythos AI and Cybersecurity Timelines

Advanced artificial intelligence is changing the cybersecurity industry. A recent industry report, "The 'AI Vulnerability Storm': Building a 'Mythos-Ready' Security Program," warns that Anthropic's Mythos AI will accelerate the timeline between vulnerability discovery and exploitation. This report, developed by the SANS Institute, Cloud Security Alliance, [un]prompted, and OWASP GenAI, describes Mythos as a significant change.

The report indicates that Mythos has compressed the window for vulnerability exploitation from minutes (predicted for 2025) to merely hours. Anthropic's Claude Mythos Preview, announced on April 7, can identify and exploit vulnerabilities across operating systems and web browsers, generate exploit code without human intervention, and orchestrate complex attack chains. This presents a challenge for existing cybersecurity strategies, emphasizing the need for cyber threat intelligence platforms.

Attackers gain an advantage from this accelerated timeline because organizational patching cycles, incident response processes, and vulnerability tracking systems are not designed to operate at AI-enabled speeds. The uneven application of patches across organizations further exacerbates this disparity. For instance, real-time ransomware intelligence becomes even more critical when new exploits can be weaponized within hours.

Cybersecurity operations should begin by "pointing AI at their own systems" to uncover weaknesses. Organizations must also reassess business risk and acceptable downtime. Traditional two-hour outage windows for reboots may no longer be viable with continuous zero-day threats. Strengthening traditional security controls remains essential, including limiting blast radius, reducing excessive access, improving threat hunting capabilities, and shortening mean time to detect intrusions. Training and exercises should simulate responses to multiple concurrent attacks, reflecting the new operational realities.

Financial Sector Concerns About AI-Driven Cyber Risks

Senior international financial officials have expressed concerns that new AI models, particularly Anthropic's Mythos, could expose structural weaknesses in the global banking system. These warnings were issued during the International Monetary Fund (IMF) and World Bank spring meetings in Washington. Finance ministers, central bankers, and regulators showed that advanced AI systems could be a source of financial instability if not managed with coordinated oversight.

IMF Managing Director Kristalina Georgiva stated that the international monetary system currently lacks protection against AI-posed "cyber risks," advocating for guardrails to protect financial stability. European Central Bank (ECB) President Christine Lagarde noted that Mythos demonstrates how systems designed for beneficial applications can pose risks if misused. The ECB is convening a call with Eurozone banks to discuss Mythos's implications for their cybersecurity defenses, a proactive measure for breach detection and prevention.

Similar discussions took place between U.S. Secretary of the Treasury Scott Bessent and Federal Reserve Chair Jay Powell with major U.S. banks. The consensus is that advanced AI models could automate vulnerability discovery, generate exploit code, and accelerate cyberattacks against financial institutions and payment infrastructure. This requires constant real-time ransomware information, as the financial sector is a primary target for high-impact attacks.

Bank of England Governor Andrew Bailey characterized the rapid AI evolution as a "serious challenge" for regulators. Canada Finance Minister François-Philippe Champagne described Mythos as an "unknown unknown" for policymakers, showing the unpredictable nature of this technological change. Major financial institutions, including Goldman Sachs, are already evaluating these risks, with CEO David Solomon confirming the firm is "hyperaware" of potential vulnerabilities associated with emerging AI models. Organizations must enhance their credential information capabilities to counter these AI-driven attacks.

Payouts King Ransomware Uses Virtual Machines for Evasion

The Payouts King ransomware operation uses the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines (VMs) on compromised systems, bypassing traditional endpoint security solutions. Host security solutions typically cannot scan inside these VMs, so attackers use them to execute payloads, store malicious files, and establish covert remote access tunnels over SSH. This evasion technique has been observed in past operations by groups like 3AM ransomware, LoudMiner cryptomining, and 'CRON#TRAP' phishing campaigns.

Sophos researchers documented two distinct campaigns using this method. One campaign, tracked as STAC4713, began in November 2025 and is linked to the Payouts King ransomware operation. This operation is associated with the GOLD ENCOUNTER threat group, known for targeting hypervisors and encryptors in VMware and ESXi environments.

In the STAC4713 campaign, the malicious actor created a scheduled task named 'TPMProfiler' to launch a hidden QEMU VM with SYSTEM privileges. They disguised virtual disk files as legitimate databases and DLL files and configured port forwarding to enable covert SSH access to the infected host via a reverse SSH tunnel. The VM runs Alpine Linux version 3.22.0 and includes attacker tools such as AdaptixC2, Chisel, BusyBox, and Rclone. Initial access was primarily achieved through exposed SonicWall VPNs and exploitation of the SolarWinds Web Help Desk vulnerability CVE-2025-26399. The threat actors also recently used exposed Cisco SSL VPNs and social engineering tactics, posing as IT staff on Microsoft Teams to trick employees into installing QuickAssist. After gaining access, they used the legitimate ADNotificationManager.exe binary to sideload a Havoc C2 payload (vcruntime140_1.dll) and then used Rclone for data exfiltration to a remote SFTP location. A Zscaler report indicates Payouts King is connected to former BlackBasta affiliates, sharing initial access methods like spam bombing, Microsoft Teams phishing, and Quick Assist abuse. This ransomware employs heavy obfuscation, anti-analysis mechanisms, establishes persistence via scheduled tasks, and terminates security tools using low-level system calls. Its encryption scheme uses AES-256 (CTR) with RSA-4096 and intermittent encryption for larger files, directing victims to dark web leak sites via ransom notes. Organizations benefit from live ransomware API to track such evolving threats.

The second campaign, STAC3725, observed since February 2026, exploits the CitrixBleed 2 vulnerability (CVE-2025-5777) in NetScaler ADC and Gateway instances to gain initial access. Following compromise, attackers deploy a ZIP archive containing a malicious executable that installs an 'AppMgmt' service, creates a local admin user named CtxAppVCOMService, and installs a ScreenConnect client for persistence. This client establishes a system-privileged session with a remote relay server, subsequently dropping and extracting a QEMU package that runs a hidden Alpine Linux VM using a custom .qcow2 disk image. Instead of using pre-built toolkits, the attackers manually install and compile tools such as Impacket, KrbRelayx, Coercer, BloodHound.py, NetExec, Kerbrute, and Metasploit inside the VM. Observed post-exploitation activities include credential harvesting, Kerberos username enumeration, Active Directory reconnaissance, and staging data for exfiltration to FTP servers. Detecting such covert operations requires continuous dark web monitoring and breach detection systems. Sophos advises organizations to monitor for unauthorized QEMU installations, suspicious scheduled tasks running with SYSTEM privileges, unusual SSH port forwarding, and outbound SSH tunnels on non-standard ports.

Technical Takeaways

  • The exploitation of CVE-2026-33825 (BlueHammer), RedSun, and UnDefend in Microsoft Defender is an immediate threat to endpoint security, with RedSun and UnDefend lacking official patches as of mid-April 2026.
  • ZionSiphon malware focuses on Operational Technology (OT) systems for infrastructure, using USB-based propagation and targeting specific ICS protocols and configuration files for physical disruption.
  • Anthropic's Mythos AI accelerates the vulnerability exploitation window to hours, requiring a re-evaluation of current patch cycles, incident response plans, and the overall pace of cybersecurity operations.
  • International financial bodies express concern that advanced AI models will expose weaknesses in global banking, potentially automating and accelerating attacks against financial infrastructure.
  • The Payouts King ransomware group uses QEMU virtual machines as an evasion technique, deploying hidden Alpine Linux environments via reverse SSH tunnels to bypass endpoint detection and execute malicious tooling.